You only have two options left, S3 or Dynamo (Aurora, RDS they both have a maximum amount)

You want something realtime?

Try Kinesis

CloudWatch logs some times can work too, (but not cloud trail, there is always a minutes delay of cloud trail)

Some Tips

I hope you understand, the tips below cannot help you to pass a cert test or help you gain huge amount of cloud architect/development experience, but it can help to easily detect the options which make no sense.

lambda should not be used for creating snapsot

s3 galcier expected retrieval 1~5 minutes

no source ip filter for s3

nat gateway not support ipv4, egress-only does

health check

2xx 3xx

autora can scale automatically, no other lambda or event

athena, query s3 through sql

ebs limit 16tb

snowmobile > 10pb

cloudtrail logs are not real time 5-15min delay

aws config rule is for monitor

cloudformation, stck policy is used for update

dynamo no max size limit

aurora 64tb

ebs 16tb 20k iops (general is 10k)

firehose is more expensive than stream

WAF on cloudfront not for auto scal group

AWS shield on route 53

kinesis cannot stream data from s3, source cannot be s3, target can

target group helath check need http/s alb

sqs worker can be another region

DMS, by default engine will be innodb

cannot update a sqs queue to fifo, if want, you have to delete then recreate one

cognito identiy pool can use for auth aws resource, user pools just a users directory

AWSBasePatch not AWS Windows Patch

instacne can bem oved in a placementgroup without termination

if want service limit from cloud watch you need aws business support plan

certificate for elb cannot be cross region

rds support sql server/oracle, but not db2

dynamo is not supported by cloud watch event, you need cloud trails

dynamo stream to record item change activities

lambda can be uses to start/stop beanstalk env

red shift cluster is single az

cloud watch event do not suppport s3

aws opsworks are not os patches

video stream cannot save video to s3 directly

enbaleDnsHostname to determine if whthin vpc or public

enableDnsSupport id aws dns is supported in vpc

ebs rds cross region copy

(physical to virtual) p2v is not supported by servier migration service

cache control header annot be set in cloudfront

P.S.

Please do not relay on these tips too much here, there might be errors and might be outdated in the future too.
## BTW
- Do use it (AWS services)
- Do design some architecture for a solution (from simple)
- Do play around it